Tutorials - Disabling restore

Summary:	Information on disabling the restore utility when infected objects are in the restore database.
Updated:	20th March 2002
Author:	Matt Ham
Company:	Virus Bulletin

Procedure

The Restore utility is designed to retain a copy of important system files so that these can be extracted to replace any files deleted. Unfortunately, many anti-virus products cannot delete or disinfect files in the System Restore area (usually C:\_Restore), and these files can become infected.

In order to remove this source of infection the System Restore feature must be disabled, the files removed and then System Restore may be re-enabled. To do this the following procedure should be followed:

Right-click on the My Computer icon.
Select Properties and then the Performance tab.
Select File System and the Troubleshooting tab.
Select the option 'Disable System Restore'.
Select Apply and then Close twice. The System Restart prompt will appear.
Restart the computer.

The restarted machine will now have a C:\_Restore folder which can be disinfected or the files within it can be deleted or moved as desired.

In order to restore the System Restore function, the above process should be followed once more, with step four being reversed.

Tutorials

Disabling restore

Removing boot sector viruses

How to restore system files

How to boot from DOS

How to remove JS/KAK

Disabling Windows Scripting Host

See also

Tutorials

Resources

Quick Links

Poll

When do you install software updates?
Leave a comment
View 12 comments

Jobs Recruit Sidebar

virusbtn: RT @emailsecmatters: The typical spam message has sources as diverse as the spam lunch meat: http://ht.ly/2yucd
2 hours ago

virusbtn: Can anyone write a rap about our RAP tests (http://bit.ly/255ySQ) and submit it to the Symantec competition http://bit.ly/bOJg8r
6 hours ago

VB2010

VB2010

VB2010 will take place 29 September - 1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada.

Virus Bulletin currently has 208,224 registered users.